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The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXRIRE 3 MONTH{S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- if the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

. If NO period for reply is specified above., the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )S Responsive to communication(s) filed on 18 January 2002 . 
2a)n This action is FINAL. 2b)IEI This action is non-final. 

3) n Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) 13 Claim(s) 1 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) ^ Claim(s) 1 is/are rejected. 

?)□ Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement- 
Application Papers 

9) IEI The specification is objected to by the Examiner. 

10)IEI The drawing(s) filed on 18 January 2002 is/are: a)n accepted or b)S objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)0 Acknowledgment is made of a claim for foreign priority . under 35 U.S.C. § 119(a)-(d) or (f). 
a)n All b)n Some * 0)0 None of: 

1 Certified copies of the priority documents have been received. 

2.\3 Certified copies of the priority documents have been received in Application No. . 

30 Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) K Notice of References Cited (PTO-892) 

2) □ Notice of Draflsperson's Patent Drawing Review (PTO-948) 

3) D Information Disclosure Statement(s) (PTO-1 449 or PTO/SB/08) 

Paper No(s)/Mail Date . 

U.S. Patent and Trademark Office 

PTOL-326 (Rev. 1 -04) Office Action Summary Part of Paper No./Mall Date 20050627 



4) 11] Inten/iew Summary (PTO-41 3) 

Paper No(s)/Mail Date. . 

5) Q Notice of Informal Patent Application (PTO-152) 

6) □ Other: . 
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DETAILED ACTION 

Drawings 

1 . The drawings are objected to as failing to comply with 37 CFR 1 .84(p)(5) 
because they do not include the following reference sign(s) mentioned in the 
description: 226 (page 8, line 1, perhaps 26 was intended). Corrected drawing sheets 
in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid 
abandonment of the application. Any amended replacement drawing sheet should 
include all of the figures appearing on the immediate prior version of the sheet, even if 
only one figure is being amended. Each drawing sheet submitted after the filing date of 
an application must be labeled in the top margin as either "Replacement Sheet" or "New 
Sheet" pursuant to 37 CFR 1.121 (d). If the changes are not accepted by the examiner, 
the applicant will be notified and informed of any required corrective action in the next 
Office action. The objection to the drawings will not be held in abeyance. 

2. The drawings are objected to as failing to comply with 37 CFR 1.84(p)(4) 
because reference character "204" has been used to designate both "Stage I" 
(paragraph 41) and "VKdb" (paragraph 43). Corrected drawing sheets in compliance 
with 37 CFR 1 .121(d) are required in reply to the Office action to avoid abandonment of 
the application. Any amended replacement drawing sheet should include all of the 
figures appearing on the immediate prior version of the sheet, even if only one figure is 
being amended. Each drawing sheet submitted after the filing date of an application 
must be labeled in the top margin as either "Replacement Sheet" or "New Sheet" 
pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the 
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applicant will be notified and informed of any required corrective action in the next Office 
action. The objection to the drawings will not be held in abeyance. 

3. The drawings are objected to as failing to comply with 37 CFR 1 .84(p)(5) 
because they include the following reference character(s) not mentioned in the 
description: 300 (figure 3). Corrected drawing sheets in compliance with 37 CFR 
1.121(d), or amendment to the specification to add the reference character(s) in the 
description in compliance with 37 CFR 1.121(b) are required in reply to the Office action 
to avoid abandonment of the application. Any amended replacement drawing sheet 
should include all of the figures appearing on the immediate prior version of the sheet, 
even if only one figure is being amended. Each drawing sheet submitted after the filing 
date of an application must be labeled in the top margin as either "Replacement Sheet" 
or "New Sheet" pursuant to 37 CFR 1.121(d). If the changes are not accepted by the 
examiner, the applicant will be notified and informed of any required corrective action in 
the next Office action. The objection to the drawings will not be held in abeyance. 

Specification 

4. Applicant is reminded of the proper language and format for an abstract of the 
disclosure. 

The abstract should be in narrative form and generally limited to a single 
paragraph on a separate sheet within the range of 50 to 150 words. It is important that 
the abstract not exceed 150 words in length since the space provided for the abstract 
on the computer tape used by the printer is limited. The form and legal phraseology 
often used in. patent claims, such as "means" and "said," should be avoided. The 
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abstract should describe the disclosure sufficiently to assist readers in deciding whether 
there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information 
given in the title. It should avoid using phrases which can be implied, such as, "The 
disclosure concerns," "The disclosure defined by this invention," "The disclosure 
describes," etc. 

The abstract of the disclosure is objected to because it is too long. Correction is 
required. See MPEP § 608.01(b). 

5. The disclosure is objected to because it contains an embedded hyperlink and/or 
other form of browser-executable code (page 6, paragraph 17). Applicant is required to 
delete the embedded hyperlink and/or other form of browser-executable code. See 
MPEP§ 608.01. 

6. The disclosure is objected to because of the following informalities: a brief 
description of figure 3 is not included (page 13, paragraph 37), twenty-none (page 27, 
paragraph 79). Appropriate correction is required. 
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Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject nfiatter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. Claim 1 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Wagner et al. (NPL A First Step Towards Automated Detection of Buffer Overrun 
Vulnerabilities), and further in view of Viega et al. (NPL ITS4: A Static Vulnerability 
Scanner for C and C++ Code). 

Regarding claim 1 , Wagner et al. teach 

applying a code parser to the software application to generate an abstract syntax 

tree (figure 2); 

comparing the abstract syntax tree and the classes of known software 
vulnerabilities to identify a set of potential exploitable software vulnerabilities (Section I); 
and 

performing a static analysis of the set of potential exploitable software 
vulnerabilities wherein the static analysis is flow sensitive analysis of a list of 
constraints, and wherein the results of the static analysis comprise a set of exploitable 
software vulnerabilities (Sections 1.1, 3.1, and 6-7). 

Wagner et al. teach the use of a vulnerability database (section 1), but do not 
expressly disclose creating a vulnerability knowledge database comprising one or more 
classes of known software vulnerabilities. 
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However, Viega et al. teach creating a vulnerability knowledge database 
comprising one or more classes of known software vulnerabilities (pages 258-263). 
Therefore, it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to combine the vulnerability database of Viega et al. with the 
system of Wagner et al. One of ordinary skill in the art would have been motivated to do 
so because it was well known in the art to use a database of vulnerabilities.to check 
source code against it (Viega et al., page 261). 
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Conclusion 



9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David G. Cervetti whose telephone number is (571) 272- 
5861. The examiner can normally be reached on Monday-Friday 7:00 am - 5:00 pm, off 
on Wednesday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on (571) 272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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